Multiple array index errors in the
Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can
lead to invalid pointer dereferences, or the writing of a 0x00 byte to
an arbitrary memory location after an allocation failure
(CVE-2009-0136).

Impact

A remote attacker could entice a user to open a specially crafted
Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to
execute arbitrary code or cause a Denial of Service.